
1 . A certificate system, on a network, comprising: 

a certificate authority connected to said network, said certificate authority 
adapted to allow the definition of a virtual certificate comprising a redemption 
5 denomination defined by an issuer user, and a first public key identifier defined 
by said certificate authority; 

a certificate issuance module for creation of an issued certificate upon 
selectable acquisition of said virtual certificate by an acquirer user across said 
network, said issued certificate comprising said redemption denomination and 

1 0 said first public key identifier, said creation of said issued certificate associated 
with a private key which is assigned at time of said acquisition of said virtual 
certificate, wherein said private key does not appear on said issued certificate, 
and wherein said redemption denomination, said first public key identifier, and 
said assigned private key are stored at said certificate authority in association 

1 5 with said issued certificate; 

a certificate authentication module for authorization of an off-line 
redemption of said issued certificate at a redemption location to a holder of said 
issued certificate located at said redemption location, said holder comprising 
any of said acquirer user and an alternate recipient of said issued certificate to 

20 whom said acquirer user has communicated said private key, said authorization 
based upon a communication from said redemption location to said certificate 
authority of said redemption denomination and said first public key identifier 
from said issued certificate, a communication of said private key provided by 
said holder, and a matching comparison of said redemption denomination, said 

25 first public key identifier, and said private key stored at said certificate authority; 
and 

means to cancel further redemption of said issued certificate at said 
certificate authority. 

30 7. The certificate system of Claim 6, wherein said means to deliver said 
redemption denomination and said first public key identifier to said acquirer 
user comprises a printed form of said issued certificate. 
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8. The certificate system of Claim 6, wherein said means to deliver said 
redemption denomination and said first public key identifier to said acquirer 
user comprises an electronic form of said issued certificate. 
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10. The certificate system of Claim 1, wherein said holder of said issued 
certificate is said alternate recipient who submits said private key. 

12. The certificate system of Claim 11, wherein said entered, assigned private 
10 key is uniquely associated with a single acquired issued certificate. 

16. A process within a transaction network, comprising the steps of: 

defining a virtual certificate on a certificate authority, said defined virtual 
certificate comprised of a redemption denomination defined by an issuer user, 

15 and a first public key identifier defined by said certificate authority; 

creating an issued certificate upon acquisition of said virtual certificate by 
an acquirer user on said transaction network, said issued certificate comprising 
said redemption denomination and said first public key identifier, said creation 
of said issued certificate associated with an establishment of a private key 

20 which does not appear on said issued certificate, said redemption 
denomination, said first public key identifier, and said established private key 
stored at said certificate authority in association with said issued certificate; 

authorizing an off-line redemption of said issued certificate at a 
redemption location to a holder of said issued certificate, said holder comprising 

25 any of said acquirer user and an alternate recipient of said issued certificate to 
whom said acquirer user has communicated said private key, wherein said 
authorization is based upon redemption submittal at said redemption location of 
said redemption denomination and said first public key identifier from said 
issued certificate, a communication of said private key provided by said holder, 

30 and a matching comparison of said redemption denomination, said first public 
key identifier, and said private key stored at said certificate authority; and 
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canceling further redemption of said issued certificate at said certificate 
authority. 

21. The process of Claim 16, wherein said step of creation of said issued 
5 certificate comprises a delivery of said redemption denomination and said first 

public key identifier to said acquirer user. 

22. The process of Claim 21, wherein said delivered redemption denomination 
and said first public key identifier are included in a printed form of said issued 

10 certificate. 

23. The process of Claim 21, wherein said delivered redemption denomination 
and said first public key identifier are included in an electronic form of said 
issued certificate. 
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25. The process of Claim 16, wherein within said authorizing step, said holder 
of said issued certificate is said alternate recipient. 

27. The process of Claim 26, wherein said entered established private key is 
20 uniquely associated with a single acquired issued certificate. 
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